Slashdot Mirror


Fake Facebook Emails Deliver Malware Masquerading As Audio Message

An anonymous reader writes: A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same. The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message. The attachment that the recipients are urged to download and open contains a malicious executable — a variant of the Nivdort information-stealing Trojan.

47 comments

  1. I Am the Author by Anonymous Coward · · Score: 0

    I am the Author of this malware and used it to steal the Anonymous Coward's password!

  2. I received the message by 110010001000 · · Score: 5, Funny

    I got that message. I figured what is the harm in opening an executable I received in an attachment. After all, this is 1992! Modern times!

    1. Re:I received the message by alphatel · · Score: 1

      I got that message. I figured what is the harm in opening an executable I received in an attachment. After all, this is 1992! Modern times!

      Evolution has selected Facebook users for extinction.

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    2. Re:I received the message by Anonymous Coward · · Score: 0

      I got that message. I figured what is the harm in opening an executable I received in an attachment. After all, this is 1992! Modern times!

      No harm here. But, funny thing, I had to write back to complain it wouldn't run on BeOS and ask if they could send me a copy that would work on my machine.

  3. "Facebook users" by Anonymous Coward · · Score: 2, Insightful

    I have no sympathy for anyone who uses Facebook and gets pwn3d by this shit.

    1. Re:"Facebook users" by mccrew · · Score: 2

      I see that you have conveniently jumped straight to victim blaming rather than owning up to the bigger failing, which is why ordinary users should even have to worry about becoming owned by benign-looking attachments.

      Especially for tech creators like so many of us here, this seems applicable: "When you point a finger at someone else, remember that there are three other fingers pointing back at yourself."

      --
      Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
    2. Re:"Facebook users" by Anonymous Coward · · Score: 0

      To be fair, the OP didn't say he doesn't use Facebook, just that he doesn't care about those that are affected by this and use Facebook. Logical operators...this is Slashdot. Or what's left of it.

    3. Re:"Facebook users" by Anonymous Coward · · Score: 0

      Yep, this is the attitude with most tech places. Which is why Apple tends to succeed because they actually factor in the idiot element with their devices. iOS doesn't have issues with dancing bunnies or Trojans, barring the Cydia ecosystem (where people tend to know better.) Android is pretty immune as well, although I've heard of people sideloading "securityfix.apk" file served up by an exploit site, but even then, it gets caught by the installer oftentimes.

      OS X and Linux are a middle ground. If it doesn't come from a repo, store, or built from known good source, it doesn't get installed. Of course, there is Windows, and other than Metro apps, is still in the Dark Ages with hoping that the download didn't come with enhanced "features" like OpenCandy at the best, ransomware at the worst.

    4. Re:"Facebook users" by bloodhawk · · Score: 2

      The reality is that with choice comes a certain amount of responsibility. A woman should be able to wear a skimpy outfit and walk down dark alleys at night safe, a rich person should be able to have hundred dollar bills hanging out his pocket without fear of being mugged. The reality is that if you want the freedom to do that it comes with certain risks that society (or computer programmers) can't fully mitigate without you giving up some freedoms.

    5. Re:"Facebook users" by Anonymous Coward · · Score: 0

      Windows if anything has some of the best protections with the various signed binary options, source detection etc. But most people don't enable it. Linux is probably the worst where realistically even half of the repos aren't all that trustworthy so unless you are personally vetting stuff you are fucked.

    6. Re:"Facebook users" by Anonymous Coward · · Score: 0

      Idiots: We don't want to worry about getting our computers infected with a virus when opening random email attachments.

      Programmers: OK, we'll fix that.... There now you can't send attachments in email anymore so no more worrying about it.

      Idiots: But we need that to send files to each other!

      Programmers: Nope, you can still use Dropbox or virtually any other cloud service, you can host the shit via a web server, or you can send shit via actual file transfer protocols like you were supposed to be doing all along. (SCP, Rsync, FTP, P2P, etc.)

      Idiots: Well we don't wanna use them, so give us back file attachments and remove the size limits.

      Programmers: OK.....Done.

      Idiots: Wha? Why did we get infected by attachments again?

      Programmers: Because we can only do so much to protect things that we don't control directly. You want the freedom to use email attachments how you see fit. With freedom comes responsibility. That means YOU must make sure that the attachments you open are safe before you open them, or pay the consequences if you throw caution and responsibility to the wind.

      Idiots: But thinking is hard, and we hate responsibility. We are unable to use a computer if the icons move 0.000001cm from where we expect them for Christ-sakes. Make the damn things secure so we don't have to deal with this shit anymore. NAOW!

      Programmers: OK.....Done, now you don't have a working IP stack anymore.

      Idiots: *silence*

      Programmers: Ahhhhhh.........

      The moral of the story boys and girls is: Don't take for granted what you have in front of you, and don't take the easy way out when it will only cause more problems.

      Why? The average computer user knows next to nothing about them, and that really is the industry's fault. We've been babying the users too long and now that security is a real concern, they are unprepared to deal with it.

      It used to be that we could simply automate the security for them, and make that the defaults. Most people would not know the difference much less go looking for it. This was easier than attempting to teach (more like force feed) the users about computers and how to be safe while using them. Mainly because they didn't want to learn that information and went out of their way to tell us such. Of course the reason we could take this automated security route at the time was because most people had very little valuable data (if they had any at all) and most hackers would not bother to go after such targets. The payout simply didn't justify the costs in doing so.

      But now, that situation has changed. Now there are entire markets for what was once considered worthless information. Now that set of family photos is targeted by law enforcement. That web browser history is targeted by blackmailers and advertisers. That home security system is targeted by thieves. The list goes on and on. And so now we find ourselves in an environment where people are increasingly using computers and the internet for more and more private and valuable information, while at the same time being completely unwilling to accept any security checks or delays to safeguard that information. We have no-one to blame but ourselves. We should have bit the bullet early on and forced the newly forming groups of users out there to actually care about how the systems worked. Maybe not enough to be able to rewrite firmware, but definitely enough to realize the value gained by having good security, knowing the reasons why it's needed, and to have the patience to deal with it.

      We need this now more than ever and we will need it even more in the future. We constantly complain on /. about some idiot manager / politician / our grandmother and their bone headed decision that causes everyone misery. We constantly complain about how some company got hacked and how screwed everyone and their dog is because of it. We complain, but we never address the real problem: Ignorance. We need to end this ignorance, but we must do it cautiously. If we try too hard at once, the users will just shut us down. They must not. For their safety and ours, we must abolish this ignorance.

    7. Re:"Facebook users" by Anonymous Coward · · Score: 0

      A few years ago, my mother-in-law got Zeus. It put a link on her facebook page, advertising a free ipad or something, and some of her friends had obviously clicked on it already. As soon as I noticed it, I called her.

      ME: You've got a pretty bad virus. It's posted a link on your facebook page.
      MIL: Nah, someone just guessed my facebook password. It was easy to guess. I changed it now.
      ME: No, this is not a case of someone getting in to your account. You have a virus. I recognize the link it posted. This virus steals banking info so if you've done any sort of online banking recently, you need to call your bank.
      MIL: Oh, I don't do any online banking, so it's fine.

      After a couple of days, the link was still up, and I got an email from her/from Zeus. She stopped by so I talked to her about it again.

      ME: You've still got that virus.
      MIL: Well like I said, I don't do any online banking, so it doesn't matter.
      ME: So, you didn't try to get rid of the virus?
      MIL: I don't think I have a virus. Someone probably just guessed my password. It was just [hername123].
      ME: If that's the case, why didn't you at least remove the link? You're infecting your friends.
      MIL: I don't do online banking.
      ME: But what about your friends that DO?
      MIL: *shrug* I'm getting a new computer next month anyway.

      And that's when I realized that instead of actually knowing and caring about what happened with her computer, my MIL just bought a new computer every few months, let it get filled with viruses and malware and spread them to others, then threw it out and bought a new one. Being responsible was just too much work for her.

  4. Interesting. by Anonymous Coward · · Score: 0

    Yesterday I noticed that the Facebook mobile app assigned a phone number to my tablet. I don't have a smartphone, and my tablet is not equipped with phone hardware. I have since deleted the phone number, however it still shows up whenever I log in to the mobile app from android. I called the number, and I get the "this call could not be completed as dialed" beep boops. TL;DR if they are able to spoof facebook communications, could this malware be using the facebook calling system to propagate the infection?

    1. Re:Interesting. by PPH · · Score: 1

      mobile app assigned a phone number to my tablet.

      Everything the phone company does involves phone numbers. Don't like it? Disable 3G/4G connectivity and live from WiFi AP to WiFi AP.

      --
      Have gnu, will travel.
    2. Re:Interesting. by laurencetux · · Score: 1

      you do know that there are in fact very nice tablets that

      DO NOT HAVE A PHONE RADIO AT ALL

    3. Re:Interesting. by Anonymous Coward · · Score: 0

      The tablet may not use the phone number... but the SIM card giving the tablet 3G/4G/LTE does have a number. It may not work, but it is present, and is part of the cellular account.

      Nothing to see here... move right along.

    4. Re:Interesting. by Anonymous Coward · · Score: 0

      and my tablet is not equipped with phone hardware

      *Ahem*

    5. Re:Interesting. by Anonymous Coward · · Score: 0

      My tablet has no SIM, genius, because it is not equipped with phone hardware you know, wifi only?

    6. Re:Interesting. by truck_soccer · · Score: 1

      The tablet doesn't have a SIM card or cell phone connectivity. Read the AC's post.

    7. Re:Interesting. by Krojack · · Score: 1

      Yet more and more phone calls can be placed via VoIP over wifi, which tablets can do.

    8. Re:Interesting. by Anonymous Coward · · Score: 0

      Calm down. The phone number is probably the one assigned to the SIM card. Even if you don't make calls with the tablet, the SIM is there for 3/4G and has a number assigned.

    9. Re:Interesting. by sumdumass · · Score: 1

      No phone radio required. Their accounting and authentication system assigns a phone number in order to allow and control access on their network. A number will be assigned whether you have capabilities or not. Think of it as an access code even though it looks like a phone number.

    10. Re:Interesting. by sumdumass · · Score: 1

      Ignore this. I just noticed he was talking of the Facebook app not the tablet 3/4g access.

    11. Re:Interesting. by Anonymous Coward · · Score: 0

      Yeah, I get it. It's obviously coming from the SIM.

    12. Re:Interesting. by Anonymous Coward · · Score: 0

      All tablets have SIM cards, pay more attention.

  5. Ob by Hognoxious · · Score: 2

    How do real Facebook emails deliver it?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  6. Image recognition by martinux · · Score: 2

    Much of the spam I see is Paypal and Facebook. Shouldn't spam filters be image matching logos or looking for company names in an email and verifying the email came from a domain associated with that company?

    1. Re:Image recognition by pr0fessor · · Score: 1

      from the microsoft account team outl.ook@outlook.com and a link to update my account information on some domain registered out of india that has been revoked... my spam filter caught it along with some similar ebay ones.

    2. Re:Image recognition by Krojack · · Score: 2

      I just checked paypal.com's SPF. They are set to SoftFail. I feel like they should have that set to HardFail. SPF isn't 100% perfect but it does help.
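The SoftFail/HardFail distinction in the comment above comes down to the qualifier on the `all` mechanism of a domain's SPF TXT record. The following is an added example, not part of the original thread: it classifies that default policy per RFC 7208. The function names, domains and records are constructed for illustration and are not any real domain's published record.

```python
# Added example: classify the default ("all") policy of an SPF record (RFC 7208).
# All domains and records below are constructed samples.

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_default_policy(txt_record: str) -> str:
    """Result the record gives to a sender that matches no earlier mechanism."""
    terms = txt_record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return "not-spf"
    redirect = None
    for term in terms[1:]:
        lowered = term.lower()
        if lowered.startswith("redirect="):
            redirect = lowered.split("=", 1)[1]
            continue
        qualifier = "+"  # a mechanism with no qualifier defaults to pass
        if lowered[0] in QUALIFIERS:
            qualifier, lowered = lowered[0], lowered[1:]
        if lowered == "all":
            # "all" always matches, so it decides the default result;
            # a redirect modifier is ignored when "all" is present.
            return QUALIFIERS[qualifier]
    if redirect:
        return f"redirect:{redirect}"  # policy is defined by the target record
    return "neutral"  # no "all" and no redirect: default result is neutral


def weak_policies(records: dict) -> dict:
    """Domains whose default policy is anything other than a hard fail."""
    found = {}
    for domain, record in records.items():
        policy = spf_default_policy(record)
        if policy != "fail":
            found[domain] = policy
    return found


# Constructed sample records keyed by hypothetical domain.
SAMPLE_RECORDS = {
    "soft.example": "v=spf1 include:_spf.soft.example ~all",
    "hard.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "open.example": "v=spf1 mx",
    "delegated.example": "v=spf1 redirect=_spf.example.net",
}

if __name__ == "__main__":
    for domain, policy in weak_policies(SAMPLE_RECORDS).items():
        print(f"{domain}: default policy is {policy}, not fail")
```
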

    3. Re:Image recognition by Anonymous Coward · · Score: 0

      They obviously look for something. The (very few) spoof/spam emails that have gotten past my spam filters in the past couple of years have all had a warning that they might not actually be from paypal/facebook/etc. But of course, that requires me to read and heed that warning.

  7. Welcome to the world of Skype by Anonymous Coward · · Score: 0

    These exact spam campaigns have been going on in Skype for months now. Every day I get one. You'd think they would be able to filter them since the messages are all the same, except the sender is a semi-random 20 digit number.

  8. did we suddenly go back in time? by bloodhawk · · Score: 2

    Sooo why is this an article here? seriously this has been a common attack method for over a decade.

  9. Slashdot - News from the 1990s by Anonymous Coward · · Score: 0

    Seriously this has been going on for decades but because it includes the word 'facebook' is now worthy of being called news?

  10. Why are you still using Facebook? by Anonymous Coward · · Score: 1

    Literally nothing good comes from Facebook, why are you still using it?

    Oh, but how am I going to keep in touch with my 573,674 friends?

    LOL, you have FIVE friends, the rest are Facebook 'bots.

    I have Friends and Family I need to keep in touch with, they're important to me!

    If they're so goddamn important, why can't you pick up a phone once a week and, I dunno, actually TALK to them? Or how about something SO RADICAL as actually seeing people in person?

    I use this to represent my business

    LOL nobody cares, get a fucking webpage like everyone else, loser, you just have NO FRIENDS and are lonely. Try OKCupid or something.

    You people are wasting time and energy and accomplishing NOTHING on Facebook. What was the last time you cleaned your house? Went to the gym? Out for a run, hell, even a WALK? You don't need to be glued to Facebook, the Internet, or your goddamn phone either. Go do something that actually matters and leave all that stupid shit behind somewhere. You might actually be healthier and happier in the long run.

    1. Re:Why are you still using Facebook? by Anonymous Coward · · Score: 0

      If I had a mod point right now, it would be yours. Good rant, completely agree.

    2. Re:Why are you still using Facebook? by Anonymous Coward · · Score: 0

      FIVE Friends. Wow, popular guy. I have ZERO. Yes, ZERO.

    3. Re: Why are you still using Facebook? by Anonymous Coward · · Score: 0

      I have -1 friends. Yes, I have so few friends it's undefined.

    4. Re:Why are you still using Facebook? by Anonymous Coward · · Score: 0

      Mod points appreciated but not necessary, just throw money. XD

    5. Re:Why are you still using Facebook? by malditaenvidia · · Score: 1

      Settle down, gramps. You forgot to take your medication again.

    6. Re:Why are you still using Facebook? by Anonymous Coward · · Score: 0

      Hurr durr I are SOCIALLY AWKWARD PENGUIN, I avoid people, they're too scary and I'm too autistic to interact with them successfully!

      You will NEVER have a girlfriend, and your WAIFU doesn't count, she's not real.

      2016:
      Thinking Failbook 'freinds' are real

      LOL what a loser.

    7. Re:Why are you still using Facebook? by Anonymous Coward · · Score: 0

      I have extended family. They don't live close by, so seeing them in person isn't an option. I don't like talking on the phone, and if I did, calling 5 - 10 people to tell them the exact same thing would take up a lot more time than posting once on facebook. Honestly, I don't like talking to them, but posting on facebook every now and then keeps them off my back when we all gather for a funeral or some such. The internet is more fun than outside. It's cold outside. I've never been to a gym in my life.

  11. What? by Anonymous Coward · · Score: 0

    Whose email server still accepts executable attachments?

    1. Re: What? by Anonymous Coward · · Score: 0

      Our Exchange server only blocks a few of the types of executable files for Windows. Microsoft keeps adding file extensions that will execute so you have to keep playing whack a mole.

    2. Re: What? by Anonymous Coward · · Score: 1

      There are more than 50 file extensions in Windows that will execute. It's hard to get all of them, and it sucks that Exchange doesn't block them out of the box. Our company email was shut down for almost a week after Microsoft added the .MSI extension, and our users kept installing trojans. Microsoft didn't give any warning before adding that crappy feature. At the time, we used a project management system that used the extension .mis, so users didn't notice the difference.

    3. Re: What? by SpeZek · · Score: 1

      So use a whitelist, not a blacklist, for your blocking policies.

      Or do the other smart thing and don't allow regular users to have admin privileges.
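The whitelist-versus-blacklist point in this sub-thread, shown on the `.msi`/`.mis` case the commenters describe. This is an added example, not part of the original thread: both extension sets, the function names and the sample filenames are assumptions constructed for illustration, not any mail server's actual configuration.

```python
import os

# Assumed blocklist of the kind the thread describes: it was written before
# .msi was recognised as executable, so it is incomplete by construction.
BLOCKED = {".exe", ".scr", ".bat", ".com", ".pif"}

# Assumed allowlist of business formats, including the thread's
# project-management ".mis" files.
ALLOWED = {".pdf", ".docx", ".xlsx", ".png", ".jpg", ".txt", ".mis"}


def final_extension(filename: str) -> str:
    """Lower-cased last extension, which is what decides how the file opens.

    Trailing dots and spaces are dropped first because Windows ignores them,
    so "notes.txt." is handled as "notes.txt".
    """
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1]


def blocklist_accepts(filename: str) -> bool:
    # Default allow: anything not explicitly listed gets through.
    return final_extension(filename) not in BLOCKED


def allowlist_accepts(filename: str) -> bool:
    # Default deny: only explicitly approved types get through.
    return final_extension(filename) in ALLOWED


def blocklist_gaps(filenames):
    """Names the blocklist delivers although the allowlist would reject them."""
    return [n for n in filenames
            if blocklist_accepts(n) and not allowlist_accepts(n)]


# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "schedule.mis",           # legitimate project file
    "schedule.msi",           # installer that differs by two swapped letters
    "voice_message.PDF.exe",  # double extension; only the last one counts
    "notes.txt.",             # trailing dot
    "update.hta",             # executable type missing from the blocklist
    "README",                 # no extension at all
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r}: blocklist={blocklist_accepts(name)} "
              f"allowlist={allowlist_accepts(name)}")
```
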

  12. Fake mails Deliver Microsoft Windows Malware .. by tetraverse · · Score: 1

    "A new spam campaign is targeting Facebook users"

    Shouldn't that be spam campaign is targeting Microsoft Windows?